Adding device profiling to an authentication API-based application - PingOne Cloud Platform - PingOne Services - PingOne - PingOne Risk

PingOne Risk Integration Kit
bundle
pingfederate-pingone-risk-ik
ft:publication_title
PingOne Risk Integration Kit
Product_Version_ce
PingOne Cloud Platform
PingOne Services
PingOne
PingOne Risk
category
Administrator
Audience
ContentType
English
Integration
Language
OtherDocs
Product
Productdocumentation
integrationdoc
p1
p1cloudplatform
p1riskx
p1services
ContentType_ce
Product documentation
Integration

If you are using the PingFederate authentication API and want to avoid using HTTP cookies, modify your application to collect the device profile and send it to the authentication API.

Page created: 3 Jun 2022 |
Page updated: 16 Jun 2023

Adding device profiling to an authentication API-based application using the PingOne Risk (Signals) SDK and integration kit 1.3.1

Page created: 28 Mar 2023 |
Page updated: 16 Jun 2023
| 1 min read

PingOne Cloud Platform PingOne PingOne Services PingOne Risk Product Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator

Use the following instructions to add device profiling to a web application using the PingOne Risk (Signals) SDK. For more information about the authentication API, see Authentication API in the PingFederate documentation or PingOne Risk Native SDKs in the PingOne Native SDK documentation.

Important:

PingOne Risk Integration Kit version 1.3.1 must be deployed before any changes can be made on the HTML side. SDK version 5.2.1 or later requires adapter version 1.3.1 or later.

  1. Implement the Signals SDK by following the steps in PingOne Risk Native SDKs.
  2. Configure functions to format the device profile and submit it to the authentication API. Use the following code sample as a guide.
    Note:

    The pingone-risk-profiling-signals-sdk.js assumes you are using the web SDK. If using a mobile device and you want to send the deviceProfile check the SDK documentation and use accordingly.

    function onCompletion(flowId, deviceProfile) {
	submitDeviceProfile(flowId, deviceProfile);
}

function submitDeviceProfile(flowId, deviceProfile) {
	var myHeaders = new Headers();
	myHeaders.append("X-XSRF-Header", "test");
	myHeaders.append("Content-Type", "application/vnd.pingidentity.submitDeviceProfile+json");
​
	var raw = JSON.stringify({
    	"signalsSdkDeviceProfile": deviceProfile
	});
​
	var requestOptions = {
    	method: 'POST',
    	headers: myHeaders,
    	body: raw,
    	redirect: 'follow'
	};
​
	fetch("https://pf_host:pf_port/pf-ws/authn/flows/" + flowId, requestOptions)
    	.then(response => response.text())
    	.then(result => console.log(result))
    	.catch(error => console.log('error', error));
}

    When the authentication API is in the DEVICE_PROFILE_REQUIRED state, your application should submitDeviceProfile with the value from the profileDevice(callback) method.

  3. When you complete the steps in Configuring an adapter instance, set the Device profiling method to Captured by previous adapter.

Adding device profiling to an authentication API-based application using the PingOne Risk (Signals) SDK and integration kit 1.3 or earlier

Page created: 20 Sep 2022 |
Page updated: 16 Jun 2023
| 1 min read

PingOne Cloud Platform PingOne PingOne Services PingOne Risk Product Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator

Use the following instructions to add device profiling to a web application using the PingOne Risk (Signals) SDK. For more information about the authentication API, see Authentication API in the PingFederate documentation or PingOne Risk Native SDKs in the PingOne Native SDK documentation.

  1. Implement the Signals SDK by following the steps in PingOne Risk Native SDKs.
  2. Configure functions to format the device profile and submit it to the authentication API. Use the following code sample as a guide.
    Note:

    The pingone-risk-profiling-signals-sdk.js assumes you are using the web SDK. If using a mobile device and you want to send the deviceProfile check the SDK documentation and use accordingly.

    function onCompletion(flowId, deviceProfile) {
	submitDeviceProfile(flowId, deviceProfile);
}

function submitDeviceProfile(flowId, deviceProfile) {
	var myHeaders = new Headers();
	myHeaders.append("X-XSRF-Header", "test");
	myHeaders.append("Content-Type", "application/vnd.pingidentity.submitDeviceProfile+json");
​
	var raw = JSON.stringify({
    	"signalsSdkDeviceProfile": deviceProfile
	});
​
	var requestOptions = {
    	method: 'POST',
    	headers: myHeaders,
    	body: raw,
    	redirect: 'follow'
	};
​
	fetch("https://pf_host:pf_port/pf-ws/authn/flows/" + flowId, requestOptions)
    	.then(response => response.text())
    	.then(result => console.log(result))
    	.catch(error => console.log('error', error));
}

    When the authentication API is in the DEVICE_PROFILE_REQUIRED state, your application should submitDeviceProfile with the value from the profileDevice(callback) method.

  3. When you complete the steps in Configuring an adapter instance, set the Device profiling method to Captured by previous adapter.

Adding device profiling to an Authentication API-based application using Fingerprint JS

Page created: 20 Sep 2022 |
Page updated: 16 Jun 2023
| 2 min read

PingOne Cloud Platform PingOne PingOne Services PingOne Risk Product Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator

Use the following instructions to add device profiling to a web application using Fingerprint JS. For more information about the authentication API, see Authentication API in the PingFederate documentation.

Note:

The PingOne Risk (Signals) SDK is the preferred way to get device profiling and is recommended for use in the PingOne Risk Integration Kit 1.3 and later.

  1. Copy the following files from the integration .zip archive to your web server.
    • fingerprint2-<version>.min.js
    • pingone-risk-management-profiling.js
  2. Add the following external script references to the sign-on page:
    Important:

    The scripts must be added in the following order.

    <script type="text/javascript" src="fingerprint2-<version>.min.js"></script>
<script type="text/javascript" src="pingone-risk-management-profiling.js"></script>
  3. Configure your application to call the profileDevice(onCompletion) function. This creates the device profile.
  4. Configure functions to format the device profile and submit it to the authentication API. Use the following code sample as a guide. 
    function onCompletion(flowId, components) {
    var deviceProfile = transformComponentsToDeviceProfile(components);
    submitDeviceProfile(flowId, deviceProfile);
}
​
function submitDeviceProfile(flowId, deviceProfile) {
    var myHeaders = new Headers();
    myHeaders.append("X-XSRF-Header", "test");
    myHeaders.append("Content-Type", "application/vnd.pingidentity.submitDeviceProfile+json");
​
    var raw = JSON.stringify({
        "deviceProfile": deviceProfile
    });
​
    var requestOptions = {
        method: 'POST',
        headers: myHeaders,
        body: raw,
        redirect: 'follow'
    };
​
    fetch("https://pf_host:pf_port/pf-ws/authn/flows/" + flowId, requestOptions)
        .then(response => response.text())
        .then(result => console.log(result))
        .catch(error => console.log('error', error));
}
    When the authentication API is in the DEVICE_PROFILE_REQUIRED state, your application should submitDeviceProfile with a value structured as follows:
    {
   "deviceProfile":{
      "userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:82.0) Gecko/20100101 Firefox/82.0",
      "language":"en-CA",
      "colorDepth":24,
      "deviceMemory":null,
      "hardwareConcurrency":12,
      "screenResolution":[
         3440,
         1440
      ],
      "availableScreenResolution":[
         3440,
         1417
      ],
      "timezoneOffset":480,
      "timezone":"America/Los_Angeles",
      "sessionStorage":true,
      "localStorage":true,
      "indexedDb":true,
      "addBehaviour":false,
      "openDatabase":false,
      "cpuClass":null,
      "platform":"MacIntel",
      "plugins":[
      ],
      "webgl":[
         "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAACWCAYAAABkW7XSAAARYUlEQVR4nO3c30vcj57f8effUWg5F1
		 [...]
		 WEBGL_draw_buffers;WEBGL_lose_context",
         "webgl aliased line width range:[1, 1]",
         "webgl aliased point size range:[1, 8191]",
         [...]
         "webgl fragment shader low int precision rangeMin:24",
         "webgl fragment shader low int precision rangeMax:24"
      ],
      "webglVendorAndRenderer":"ATI Technologies Inc.~AMD Radeon Pro 560X OpenGL Engine",
      "adBlock":false,
      "hasLiedLanguages":false,
      "hasLiedResolution":false,
      "hasLiedOs":false,
      "hasLiedBrowser":false,
      "touchSupport":[
         "0",
         "false",
         "false"
      ],
      "fonts":[
         "Andale Mono",
         "Arial",
         [...]
         "Wingdings",
         "Wingdings 2",
         "Wingdings 3"
      ],
      "audio":"35.7383295930922"
   }
}
  5. When you complete the steps in Configuring an adapter instance, set the Device profiling method to Captured by this adapter.